Updated September 2023

KPMG recognizes the importance of maintaining the privacy, confidentiality, and security of the information that parties entrust us with during the course of business and this includes personal information (sometimes referred to as “personal data”, "personally identifiable information" or "PII") that are collected online.

Throughout this privacy statement (“Privacy Statement”), “KPMG”, “we”, “our” and “us” refer to the global organisation or to one or more of the member firms of KPMG International Limited (“KPMG International”), each of which is a separate legal entity.  KPMG International Limited is a private English company limited by guarantee and does not provide services to clients. No member firm has any authority to obligate or bind KPMG International or any other member firm vis-à-vis third parties, nor does KPMG International have any such authority to obligate or bind any member firm.

This Privacy Statement aims to explain how we handle and protect your personal data and what KPMG’s data protection obligations are along with your rights. “Personal data” in this Privacy Statement means information that either by itself or in combination with other personal data may identify an individual.

1. Collection and use of personal information


1.1   What personal information do we collect

The personal information that we collect include, but are not limited to your name, contact details (phone and e-mail address), organisation and designation.

If you choose to register or login to a KPMG website using a third party single sign-in service that authenticates your identity and connects your social media login information (e.g. LinkedIn, Google, or Twitter) with KPMG, we may collect any information or content needed for the registration or log-in that you have permitted the social media provider to share with us, such as your name and email address. Other information we collect will depend on the privacy settings you have set with your social media provider, so please review their privacy statement or policy of the applicable service.

It is important to be aware that if you access another party’s website or application using one of our products or services or via our website, that other party will deal with your personal information in accordance with its own privacy policy. You may need to review the relevant privacy policy provided by the party on its website.

Generally, we do not collect any sensitive personal data. If required to, your consent will be needed prior to you furnishing us with the personal data that is considered as sensitive.


1.2   Where do we collect the information from

We collect your personal information when, for example, you submit on the KPMG portal, an enquiry on services that we provide or register for events that we organise.  If you were previously an employee of KPMG, we may also collect your personal information when you register as an alumni member of KPMG on the KPMG Alumni portal.

As detailed in the paragraph below on “Automatic Collection of Personal Information”, in certain instances, KPMG and its service providers use cookies, web beacons and other technological tools to automatically collect certain types of information when you visit us online.


1.3   What do we use the information for

When you register or submit your personal information to KPMG, we will use this information for the purpose for which it was collected and, in the manner outlined in this Privacy Statement. Your personal information is not used for other purposes, unless we obtain your consent, or unless otherwise required or permitted by laws and regulations.


1.4   The legal basis by which we process your personal data

We collect your personal information to process your request, on the basis of consent.


1.5   Automatic collection of personal information

In certain instances, KPMG and its service providers use cookies, web beacons and other technological tools to automatically collect certain types of information when you visit us online, as well as through emails that we may exchange. The collection of this information allows us to customize your online experience, improve the performance, usability, and effectiveness of KPMG's online presence, and to measure the effectiveness of our marketing activities.


1.5.1 IP Addresses

An IP address is a number assigned to your computer whenever you access the internet. It allows computers and servers to recognise and communicate with one another. IP addresses from which visitors appear to originate will be recorded for IT security and system diagnostic purposes. This information may be used in aggregate form to conduct website trend and performance analysis.


1.5.2 Cookies

Cookies may be placed on your computer or internet-enabled device whenever you visit us online. This allows the site to remember your computer or device and serves a number of purposes.

On some of our websites, a notification banner will appear allowing you to manage your consent to collect cookies (cookie banner). Below is a summary of the categories of cookies collected on our websites, and how your consent may impact your experience of certain features as you navigate those websites:

·       Strictly necessary cookies: These cookies are essential in order to enable users to move around the website and use its features, such as accessing secure areas of the website. These cookies must be enabled or the site will not function and cannot be blocked.

·       Performance cookies: These cookies are used to gather data to enhance the performance of a website.

·       Functionality cookies: These cookies are used to remember customer selections that change the way the site behaves or looks. You may opt out of these cookies, but it will impact your experience on the website, and you may need to repeat certain selections each time you visit.

·       Targeting cookies or advertising cookies: Targeting cookies are used to deliver content relevant to your interests. These are also used to limit the number of times you see certain marketing materials, as well as help measure the effectiveness of those marketing materials. If you do not provide consent for targeting cookies, your computer or internet-enabled device will not be tracked for marketing-related activities.

You can manage your consent for performance cookies, functionality cookies and targeting cookies using the cookie banner, or by updating your browser’s settings (often found in your browser’s Tools or Preferences menu) to not accept cookies.

Further information about managing cookies can be found in your browser’s help file or through sites such as www.allaboutcookies.org.

Below is a list of the types of cookies used on our website:



Type & Expiry

Performance (i.e. User’s Browser)

Our websites are built using common

internet platforms. These have built-in

cookies which help compatibility issues (e.g. to identify your browser type) and improve performance (e.g. quicker loading of content)

Session, deleted upon closing

the browser, or persistent.

Security Cookies

If you register for access to a restricted area, our cookies ensure that your device is logged for the duration of your visit. You will need your username and password to access the restricted areas.

Session, deleted upon closing

the browser, or persistent.

Site Preferences

Our cookies may also remember your site

preferences (e.g. language) or seek to

enhance your experience (e.g. by

personalizing a greeting or content). This will apply to areas where you have registered specifically for access or create an account.

Session, deleted upon closing

the browser, or persistent.


We use several third-party analytics tools to help us understand how site visitors use our website. This allows us to improve the

quality and content on kpmg.com for our visitors. The aggregated statistical data cover items such as total visits or page views, and referrers to our websites. For further details on the use of Google Analytics, see below.

Persistent, but will delete

automatically after two years if

you no longer visit kpmg.com

Social sharing

We use third party social media widgets or

buttons to provide you with additional

functionality to share content from our web

pages to social media websites and email. Use of these widgets or buttons may place a cookie on your device to make their service easier to use, ensure your interaction is displayed on our web pages (e.g. the social share count cache is updated) and log information about your activities across the internet and on our websites. We encourage you to review each provider’s privacy information before using any such service. For further details on the use of social media widgets and applications, see below.

Persistent, but will be deleted

automatically after two years if

you no longer visit kpmg.com

Other third-party tools and widgets may be used on our individual web pages from time to time to provide additional functionality. Depending on how you set your preferences in your browser and/or the cookie banner, use of these tools or widgets may place a cookie on your device to make their service easier to use, and ensure your interaction is displayed on our webpages properly.

Cookies by themselves do not tell us your email address or otherwise identify you personally. For the purpose of identifying the number of unique visitors to our websites and geographical origin of visitor trends, we may obtain other identifiers including IP addresses in the analysis.  This analysis will not identify individual visitors.


1.5.3 Google Analytics

KPMG uses analytics tool such as Google Analytics to provide website visitors with more choice on how their data is collected during website browsing.  In Google Analytics, Google has developed the Google Analytics Opt-out Browser Add-on, which communicates with the Google Analytics JavaScript (ga.js) to indicate that information about the website visit should not be sent to Google Analytics. The Google Analytics Opt-out Browser Add-on does not prevent information from being sent to the website itself or to other web analytics services.

More information about how we use Google Analytics can be found here: http://www.google.com/analytics/terms/us.html.


1.5.4 Web beacons

A web beacon is a small image file on a web page that can be used to collect certain information from your computer, such as an IP address, time the content was viewed, browser type, and the existence of cookies previously set by the same server. KPMG only uses web beacons in accordance with applicable laws.

KPMG or its service providers may use web beacons to track the effectiveness of third-party websites that provide us with recruiting or marketing services or to gather aggregate visitor statistics and manage cookies.

You have the option to render some web beacons unusable by rejecting their associated cookies. The web beacon may still record an anonymous visit from your IP address but cookie information will not be recorded.

In some of our newsletters and other communications, we may monitor recipient actions such as email open rates through embedded links within the messages. We collect this information to gauge user interest and to enhance future user experiences.


1.5.5 Location-based tools

KPMG may collect and use the geographical location of your computer or mobile device. This location data is collected for the purpose of providing you with information regarding services which we believe may be of interest to you based on your geographical location, and to improve our location-based products and services.


1.6 Social media widgets and applications

KPMG websites may include functionality to enable sharing via third party social media applications, such as the Facebook Like button and Twitter widget. These social media applications may collect and use information regarding your use of KPMG websites. Any personal information that you provide via such social media applications may often be collected and used by other members of that social media application and are subject to the privacy policies of the companies that provide the applications. We do not have control over, or responsibility for the companies or their use of your information.

In addition, KPMG websites may host blogs, forums, crowd-sourcing and other applications, or services (collectively "social media features"). The purpose of social media features is to facilitate the sharing of knowledge and content. Any personal information that you provide on any KPMG social media features may be shared with other users of that social media feature (unless otherwise stated at the point of collection), over whom we often have limited or no control.


1.7 Children

KPMG understands the importance of protecting children's privacy, especially in an online environment. In particular, our sites are not intentionally designed for or directed at children under the age of 18. It is our policy never to knowingly collect or maintain information about anyone under the age of 18, except as otherwise required by law.


2. Sharing and transfer of personal information


2.1 Transfer within the network of KPMG member firms

We may share information about you with other member firms of the KPMG network where the purpose of collection of your personal data requires us to, and with KPMG International and other member firms where required or desirable to meet our legal and regulatory obligations globally. We may also share personal information with the wider KPMG network for purposes of providing services to us such as for hosting and supporting IT applications. For the avoidance of doubt, the wider KPMG network include member firms and infrastructure located outside of Malaysia.


2.2 Transfer to third parties

We do not share personal information with third parties, except as necessary for our legitimate professional and business needs, in response to your requests, and/or as required or permitted by laws and regulations. 

Third parties that we may share your personal information with would include:

—  Our service providers for (IT) systems and hosting.  KPMG works with such providers so they can process your personal information on our behalf. We ensure that the third parties to which we transfer personal data will provide an adequate level of protection on the personal data in accordance with the strict standards that we require for processing of data. We only share personal information that allows them to provide their services.

—  If we are reorganized or sold to another organisation: KPMG may also be required to disclose personal information in connection with the sale, assignment, or other transfer of any element of KPMG’s business to which the personal information relates.

—  Courts, tribunals, law enforcement or regulatory bodies: KPMG will disclose personal information in order to respond to requests of courts, tribunals, government or law enforcement agencies or where it is necessary or prudent to comply with applicable laws, court or tribunal orders or rules, or government or professional regulations.

—  Audits: disclosures of personal information will also be needed for data privacy or security audits and/or to investigate or respond to a complaint or security threat.

KPMG will not transfer the personal information that you provide to any third parties for purposes of direct marketing.


3. Choices

In general, you are not required to submit any personal information to KPMG, but for the purpose(s) that you have interacted with us online, we may require you to provide certain personal information in order for us to process the request(s). KPMG may also ask for your permission for certain uses of your personal information, and you can agree to or decline these uses. If you opt-in for specific communications, such as an electronic newsletter, you will be able to unsubscribe at any time by following the instructions included in each communication.

As described in "Cookies" above, if you wish to prevent cookies from tracking you as you navigate our sites, you can reset your browser to refuse all cookies or to indicate when a cookie is being sent. However, note that certain portions of our sites may not work properly if you elect to refuse cookies.


4. Your rights

It is important that you ensure the personal information we hold about you is accurate, complete, and up to date. If any of your details change or if you believe that any personal information KPMG has collected about you is inaccurate, you can contact us at MY-FMPrivacy@kpmg.com.my and we will make all reasonable and practical efforts to comply with your request, so long as it is consistent with applicable laws and regulations.


5. Data security and integrity

KPMG has reasonable security policies and procedures in place to protect personal information from loss, misuse, unauthorized or accidental access or disclosure, alteration, or destruction. Despite KPMG's best efforts, however, security cannot be absolutely guaranteed against all threats. To the best of our ability, access to your personal information is limited to those who have a need to know and KPMG employees who have access are required to maintain the confidentiality of such information.


6. For how long do we keep your personal information

Depending on the specific nature and circumstances under which the information was collected, we will take reasonable efforts to retain personal information only for so long as is necessary to comply with an individual’s request but subject to taking into consideration the legal and regulatory, business or policy requirements that apply.


7. Links to other sites

KPMG websites may contain links to other sites, including sites maintained by other KPMG member firms in which case, the privacy notice of the respective KPMG member firm will apply but which will often differ due to differing laws and regulations in the respective jurisdictions. Users may need to review the privacy notice of each website visited before disclosing any personal information.

When registered on any KPMG website and then navigating to the website of another KPMG member firm while still logged in, you agree to the use of your personal information in accordance with the privacy notice of the KPMG website that you are visiting.


8. Changes to this statement

KPMG may modify this Privacy Statement from time to time to reflect our current privacy practices. When changes are made, we will revise the "updated" date at the top of this page. Any changes to the processing of personal data as described in this Privacy Statement affecting you will be communicated through an appropriate channel, depending on how we normally communicate with you.


9. Contact us

KPMG is committed to protecting the online privacy of your personal information. If you have any questions or concerns regarding this Privacy Statement or would like further information about how we protect your personal data, please email us at MY-FMPrivacy@kpmg.com.my.

For the Bahasa Malaysia version, please click here